From 0c206ceb99e331d1cc9c8726c04c0004611688bc Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Wed, 11 Oct 2017 22:20:37 +0000
Subject: [PATCH] Method Exclusion (#282)

I introduced a bug and moving to the chi router; the method selection was not longer working and the auth middleware was being hit on methods no destined for auth.

- removed the MethodNotAllowed, the source of the issue
---
 middleware_test.go | 24 ++++++++++++++++++++++++
 server.go | 14 ++++++--------
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/middleware_test.go b/middleware_test.go
index 13f9f3c..fb151be 100644
--- a/middleware_test.go
+++ b/middleware_test.go
@@ -326,6 +326,30 @@ func TestOauthRequests(t *testing.T) {
 newFakeProxy(cfg).RunTests(t, requests)
 }

+func TestMethodExclusions(t *testing.T) {
+ cfg := newFakeKeycloakConfig()
+ cfg.Resources = []*Resource{
+ {
+ URL: "/post",
+ Methods: []string{http.MethodPost, http.MethodPut},
+ },
+ }
+ requests := []fakeRequest{
+ { // we should get a 401
+ URI: "/post",
+ Method: http.MethodPost,
+ ExpectedCode: http.StatusUnauthorized,
+ },
+ { // we should be permitted
+ URI: "/post",
+ Method: http.MethodGet,
+ ExpectedProxy: true,
+ ExpectedCode: http.StatusOK,
+ },
+ }
+ newFakeProxy(cfg).RunTests(t, requests)
+}
+
 func TestStrangeRoutingError(t *testing.T) {
 cfg := newFakeKeycloakConfig()
 cfg.Resources = []*Resource{
diff --git a/server.go b/server.go
index 339695f..c9efd15 100644
--- a/server.go
+++ b/server.go
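Review bot: TestMethodExclusions requests only one of the two protected methods and only the non-whitelisted path: `http.MethodPut` is listed in `Methods` but never sent, and no resource with `WhiteListed` set is exercised although the server.go loop in this commit rewrites that branch too. Adding `{URI: "/post", Method: http.MethodPut, ExpectedCode: http.StatusUnauthorized},` to `requests` would pin the second method. A second resource with `WhiteListed: true` (assuming that is the `Resource` field read as `x.WhiteListed`) and a request expecting `ExpectedProxy: true` would cover the `engine.MethodFunc` branch. Because this test is what guards against the auth chain being skipped or over-applied, a comment on the GET case such as `// methods not listed on the resource are proxied without authentication` would state the intended fail-open behaviour more precisely than "we should be permitted".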
@@ -226,18 +226,16 @@ func (r *oauthProxy) createReverseProxy() error {
 r.authenticationMiddleware(x),
 r.admissionMiddleware(x),
 r.headersMiddleware(r.config.AddClaims))
- e.MethodNotAllowed(emptyHandler)
- switch x.WhiteListed {
- case false:
- for _, m := range x.Methods {
+
+ for _, m := range x.Methods {
+ if !x.WhiteListed {
 e.MethodFunc(m, x.URL, emptyHandler)
+ continue
 }
- default:
- for _, m := range x.Methods {
- engine.MethodFunc(m, x.URL, emptyHandler)
- }
+ engine.MethodFunc(m, x.URL, emptyHandler)
 }
 }
+
 for name, value := range r.config.MatchClaims {
 r.log.Info("token must contain", zap.String("claim", name), zap.String("value", value))
 }
-- GitLab
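Review bot: The `for _, m := range x.Methods` loop is now the only thing that places `x.URL` behind `authenticationMiddleware`, so a resource whose `Methods` slice is empty registers no route on `e` at all. The new test's GET case shows that unregistered methods are proxied with a 200, so such a resource would presumably be served unauthenticated. Nothing visible in this hunk guarantees the slice is populated; unless defaulting or validation happens elsewhere, a guard before the loop such as `if len(x.Methods) == 0 { return errors.New("resource has no methods defined") }` would make that misconfiguration fail closed. A comment above the loop, `// methods not listed in x.Methods are routed without the authentication chain`, would also make the fail-open design explicit for the next reader. createReverseProxy starts and ends outside the hunk, so the surrounding resource loop and any earlier checks are not visible here.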